Originally Posted by
Holger_Gehrke
'
Changes in '/etc/' are more cause for concern. Nothing should be able to make changes in '/etc/' unless it has rather high level permissions.
I'd try using find and the '-mmin' test to look for the changed files in the directories. Something like
Code:
find /etc ~/Videos ~/Downloads ~/Pictures ~/Music ~/.cache ~/.config ~/Desktop ~/.mozilla ~/.local ~/.gnupg -mmin +180 -a -mmin -720
This would look for files changed more than 3 hours (180 minutes) but less than 12 hours (720 minutes) ago. Change the times to fit the time where nothing
should have happened.
Holger
Thanks a million for the code. I typed it in with and without sudo.
Without sudo I got the following result:
Code:
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/etc/cups/ssl’: Permission denied
With the sudo, for which I typed in my password, I got no result.